From users-return-3728-apmail-directory-users-archive=directory.apache.org@directory.apache.org Wed Feb 16 07:12:40 2011 Return-Path: Delivered-To: apmail-directory-users-archive@www.apache.org Received: (qmail 85055 invoked from network); 16 Feb 2011 07:12:40 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 16 Feb 2011 07:12:40 -0000 Received: (qmail 64713 invoked by uid 500); 16 Feb 2011 07:12:40 -0000 Delivered-To: apmail-directory-users-archive@directory.apache.org Received: (qmail 64467 invoked by uid 500); 16 Feb 2011 07:12:36 -0000 Mailing-List: contact users-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@directory.apache.org Delivered-To: mailing list users@directory.apache.org Received: (qmail 64459 invoked by uid 99); 16 Feb 2011 07:12:35 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 16 Feb 2011 07:12:35 +0000 X-ASF-Spam-Status: No, hits=3.7 required=5.0 tests=FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of nata.cs2@gmail.com designates 209.85.215.178 as permitted sender) Received: from [209.85.215.178] (HELO mail-ey0-f178.google.com) (209.85.215.178) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 16 Feb 2011 07:12:30 +0000 Received: by eyh5 with SMTP id 5so635521eyh.37 for ; Tue, 15 Feb 2011 23:12:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:content-type; bh=d2Nvgg8UelGxBUKEXGZyr7m4cNQllrCNQYNxo2zrmCw=; b=vynxHun7EwQLHGvSi9BNQ6a9ojqev6q1NiDGo+20FB2+2aZK9dSir6218S8bBTJR2b K8mn+xGoH5nqR6iwgT/rIBdzkZ+5gANkaJVXSM9iYrpudOHVPL8ndJqDcBPOi9wdK/Jm BxP8tS6YBDGPpCAynft8gbG8FwgPb22BmoXLM= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=etAn0Bw5MU2Pm3LMu+L1C1haWwhuMa7lgnMGyQJXtv/SVlhrJLT1phk0l/Y9OmcdvL 0hPcumaaGJQRRtdNc60I2wdWW0FSmC1+rhmnzdj9yzzub1IKafJH9MW3aN/+/nsk1UPl zQhXzL9hSUPYZYQttsbxIPkCXvAjqiJY9/734= MIME-Version: 1.0 Received: by 10.14.127.1 with SMTP id c1mr197431eei.3.1297840329092; Tue, 15 Feb 2011 23:12:09 -0800 (PST) Received: by 10.14.22.70 with HTTP; Tue, 15 Feb 2011 23:12:09 -0800 (PST) In-Reply-To: References: Date: Wed, 16 Feb 2011 08:12:09 +0100 Message-ID: Subject: Re: [Studio] SSL (ldaps) connection only with tls_ssf=128 instead of 256 From: Natalia To: users@directory.apache.org Content-Type: multipart/alternative; boundary=00248c0ef0dcca6f0c049c60ff76 --00248c0ef0dcca6f0c049c60ff76 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Hi, i use GSSAPI (Kerberos) with "Authentication with integrity and privacy protection". In logs it looks: BIND dn=3D"" mech=3DGSSAPI sasl_ssf=3D56 ssf=3D56 It is same with Apache DS and ldapsearch. Best regards, Natalia 2011/2/15 Pierre-Arnaud Marcelot > Hi Natalia, > > What kind of Quality of Protection (QOP) are you using for the connection= ? > > Regards, > Pierre-Arnaud > On mardi 15 f=E9vrier 2011 at 13:48, Natalia wrote: > > Hi, > > > > I use Apache Directory Studio. I have taken for the connection to LDAP > > server the Encryption methode SSL. But in the log file of LDAP I see: > > TLS established tls_ssf=3D128 ssf=3D128 > > > > Instead of: > > TLS established tls_ssf=3D256 ssf=3D256 > > what gets I after the connection with GQ (anothe LDAP Browser) or > ldapsearch > > -H "ldaps://... > > > > I have tried with StartTLS - result is always same. What I can make to > bind > > with tls_ssf=3D256 to LDAP? It is necessary from the existed ACLs. > > > > Thank you in advance for your help > > > > Kind regards, > > > > Natalia > > > --00248c0ef0dcca6f0c049c60ff76--